Author: smh
Date: Mon Aug 4 16:32:08 2014
New Revision: 269522
URL: http://svnweb.freebsd.org/changeset/base/269522
Log:
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
Before this change using exec.prestart to configure a CARP address
would result in the wrong MAC being broadcast on startup as jail creates
IP aliases to support ip[4|6].addr before exec.prestart is executed.
PR: 191832
Reviewed by: jamie
MFC after: 1 week
X-MFC-With: r269340
Phabric: D528
Sponsored by: Multiplay
Modified:
head/usr.sbin/jail/command.c
head/usr.sbin/jail/config.c
head/usr.sbin/jail/jail.8
Modified: head/usr.sbin/jail/command.c
==============================================================================
--- head/usr.sbin/jail/command.c Mon Aug 4 15:36:23 2014
(r269521)
+++ head/usr.sbin/jail/command.c Mon Aug 4 16:32:08 2014
(r269522)
@@ -268,7 +268,7 @@ run_command(struct cfjail *j)
pid_t pid;
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
#if defined(INET) || defined(INET6)
- char *addr;
+ char *addr, *extrap, *p, *val;
#endif
static char *cleanenv;
@@ -317,16 +317,30 @@ run_command(struct cfjail *j)
switch (comparam) {
#ifdef INET
case IP__IP4_IFADDR:
- argv = alloca(8 * sizeof(char *));
+ argc = 0;
+ val = alloca(strlen(comstring->s) + 1);
+ strcpy(val, comstring->s);
+ cs = val;
+ extrap = NULL;
+ while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+ if (extrap == NULL) {
+ *p = '\0';
+ extrap = p + 1;
+ }
+ cs = p + 1;
+ argc++;
+ }
+
+ argv = alloca((8 + argc) * sizeof(char *));
*(const char **)&argv[0] = _PATH_IFCONFIG;
- if ((cs = strchr(comstring->s, '|'))) {
- argv[1] = alloca(cs - comstring->s + 1);
- strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+ if ((cs = strchr(val, '|'))) {
+ argv[1] = alloca(cs - val + 1);
+ strlcpy(argv[1], val, cs - val + 1);
addr = cs + 1;
} else {
*(const char **)&argv[1] =
string_param(j->intparams[IP_INTERFACE]);
- addr = comstring->s;
+ addr = val;
}
*(const char **)&argv[2] = "inet";
if (!(cs = strchr(addr, '/'))) {
@@ -344,6 +358,15 @@ run_command(struct cfjail *j)
argv[3] = addr;
argc = 4;
}
+
+ if (!down) {
+ for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, "
")) {
+ size_t len = strlen(cs) + 1;
+ argv[argc] = alloca(len);
+ strlcpy(argv[argc++], cs, len);
+ }
+ }
+
*(const char **)&argv[argc] = down ? "-alias" : "alias";
argv[argc + 1] = NULL;
break;
@@ -351,16 +374,30 @@ run_command(struct cfjail *j)
#ifdef INET6
case IP__IP6_IFADDR:
- argv = alloca(8 * sizeof(char *));
+ argc = 0;
+ val = alloca(strlen(comstring->s) + 1);
+ strcpy(val, comstring->s);
+ cs = val;
+ extrap = NULL;
+ while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+ if (extrap == NULL) {
+ *p = '\0';
+ extrap = p + 1;
+ }
+ cs = p + 1;
+ argc++;
+ }
+
+ argv = alloca((8 + argc) * sizeof(char *));
*(const char **)&argv[0] = _PATH_IFCONFIG;
- if ((cs = strchr(comstring->s, '|'))) {
- argv[1] = alloca(cs - comstring->s + 1);
- strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+ if ((cs = strchr(val, '|'))) {
+ argv[1] = alloca(cs - val + 1);
+ strlcpy(argv[1], val, cs - val + 1);
addr = cs + 1;
} else {
*(const char **)&argv[1] =
string_param(j->intparams[IP_INTERFACE]);
- addr = comstring->s;
+ addr = val;
}
*(const char **)&argv[2] = "inet6";
argv[3] = addr;
@@ -370,6 +407,15 @@ run_command(struct cfjail *j)
argc = 6;
} else
argc = 4;
+
+ if (!down) {
+ for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, "
")) {
+ size_t len = strlen(cs) + 1;
+ argv[argc] = alloca(len);
+ strlcpy(argv[argc++], cs, len);
+ }
+ }
+
*(const char **)&argv[argc] = down ? "-alias" : "alias";
argv[argc + 1] = NULL;
break;
Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c Mon Aug 4 15:36:23 2014 (r269521)
+++ head/usr.sbin/jail/config.c Mon Aug 4 16:32:08 2014 (r269522)
@@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
/*
* IP addresses may include an interface to set that address on,
- * and a netmask/suffix for that address.
+ * a netmask/suffix for that address and options for ifconfig.
+ * These are copied to an internal command parameter and then stripped
+ * so they won't be passed on to jailparam_set.
*/
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
#ifdef INET
@@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
*cs = '\0';
s->len = cs - s->s;
}
+ if ((cs = strchr(s->s, ' ')) != NULL) {
+ *cs = '\0';
+ s->len = cs - s->s;
+ }
}
}
#endif
@@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
*cs = '\0';
s->len = cs - s->s;
}
+ if ((cs = strchr(s->s, ' ')) != NULL) {
+ *cs = '\0';
+ s->len = cs - s->s;
+ }
}
}
#endif
Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8 Mon Aug 4 15:36:23 2014 (r269521)
+++ head/usr.sbin/jail/jail.8 Mon Aug 4 16:32:08 2014 (r269522)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 10, 2014
+.Dd August 4, 2014
.Dt JAIL 8
.Os
.Sh NAME
@@ -687,18 +687,24 @@ jail is created, and will be removed fro
jail is removed.
.It Va ip4.addr
In addition to the IP addresses that are passed to the kernel, an
-interface and/or a netmask may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
+interface, netmask and additional paramters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
If an interface is given before the IP address, an alias for the address
will be added to that interface, as it is with the
.Va interface
parameter.
If a netmask in either dotted-quad or CIDR form is given
after an IP address, it will be used when adding the IP alias.
+If additional parameters are specified then they will also be used when
+adding the IP alias.
.It Va ip6.addr
In addition to the IP addresses that are passed to the kernel,
-an interface and/or a prefix may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
+an interface, prefix and additional parameters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
.It Va vnet.interface
A network interface to give to a vnet-enabled jail after is it created.
The interface will automatically be released when the jail is removed.
@@ -1177,6 +1183,7 @@ environment of the first jail.
.Xr pkill 1 ,
.Xr ps 1 ,
.Xr quota 1 ,
+.Xr ifconfig 8 ,
.Xr jail_set 2 ,
.Xr devfs 5 ,
.Xr fdescfs 5 ,
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
